in our environ any user who login with sa they can change any table data.
so i write trigger to capture changed data like who change, from which IP etc this
CREATETRIGGER[TRG_Users]ON[dbo].[UserRights] AFTER INSERT,UPDATE,DELETEASDECLARE@strIP VARCHAR(MAX)SET@strIP=(SELECT dbo.GetCurrentIP())IFEXISTS(SELECT*FROM INSERTED)ANDEXISTS(SELECT*FROM DELETED)--PRINT 'Update happened';INSERTINTO Logger(IPAddress,Status)VALUES(@strIP,'UPDATE')ELSEIFEXISTS(SELECT*FROM INSERTED)--PRINT 'Insert happened';INSERTINTO Logger(IPAddress,Status)VALUES(@strIP,'INSERT')ELSE--PRINT 'Delete happened';INSERTINTO Logger(IPAddress,Status)VALUES(@strIP,'DELETE')CREATEFUNCTION[dbo].[GetCurrentIP]()
RETURNS varchar(255)ASBEGINDECLARE@IP_Address varchar(255);SELECT@IP_Address = client_net_address FROM sys.dm_exec_connections WHERE Session_id =@@SPID;Return@IP_Address;ENDbut the problem is user can change data after disabling the trigger on specific table. so trigger will not fire and user can seamlessly change data.
so guide me what is the best way to capture data change and log them. so no one can bypass the security. please do not tell me disable sa account because i am looking for different approach to capture the change data. is there any secure way exist in sql server 2005/2008 if yes then please discuss here. thanks